Hi,
I've been experiencing some funnies on FW-1. We have a machine that connects
to another machine via an IPSEC tunnel across an ISDN dialup link. The setup
is as follows:
NT Server (B) --> FW-1 on NT (C) --> Cisco router --> IBM Router --> FW-1 on Solaris --> FreeBSD Server (A)
ISDN dialup connection between the Cisco router and the IBM router. IPSEC
running between the two routers.
If A initiates the session, the connection works. If B initiates the
session, the connection isn't established.
This is what I see when I do a tcpdump on the FreeBSD server: B sends a syn
request. A responds with an ack. B sends an ack back, but with a window size
of 0. This causes A to send a reset, and the connection is dropped.
If I move B to the outside of the network, i.e. give it the valid external
IP and connect it to the Cisco router, it works fine. The FW-1 on NT is
version 4.1 SP 3 and NT service pack 6a. According to the FW logs on the C
firewall, the translation is fine and it's allowing the data through. The
routing isn't an issue, because the packets are actually reaching the remote
side, A.
I would really appreciate any assistance.
Regards,
Andre'